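I'm having a problem with the OIDC authentication flow. I can log in through my identity provider (IdentityServer 4), and the JWT token returns the userObject to my application, but when I refresh my application I get the following error: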
core.js:4002 ERROR Error: Uncaught (in promise): Error: No matching state found in storage
Error: No matching state found in storage
at oidc-client.min.js:1
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (zone.js:391)
at Object.onInvoke (core.js:26256)
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (zone.js:390)
at Zone.push../node_modules/zone.js/dist/zone.js.Zone.run (zone.js:150)
at zone.js:910
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:423)
at Object.onInvokeTask (core.js:26247)
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:422)
at Zone.push../node_modules/zone.js/dist/zone.js.Zone.runTask (zone.js:195)
at resolvePromise (zone.js:852)
at resolvePromise (zone.js:809)
at zone.js:913
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:423)
at Object.onInvokeTask (core.js:26247)
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:422)
at Zone.push../node_modules/zone.js/dist/zone.js.Zone.runTask (zone.js:195)
at drainMicroTaskQueue (zone.js:601)
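I found a Stack Overflow post about this issue which says it has to do with the time settings of the machine running the browser (apparently because the token's expiry time is then no longer correct), but I have set my machine's time setting to automatic, so I really don't think that is the problem. Since normal authentication works and the token is present in the browser's storage, I'm a bit lost as to what could cause this problem in the flow. It would help if someone could explain what the OIDC client does when the getUser() function is called on the UserManager.
The following code is executed when the user is already logged in and refreshes the page.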
isLoggedIn(): Promise<boolean> {
  return this._userManager.getUser().then(user => {
    const userCurrent = !!user && !user.expired;
    if (userCurrent) {
      this.user$.next(user);
    } else {
      this.user$.next(null);
    }
    return userCurrent;
  });
}
Example of the token in localStorage:
id: "fa5c5393c4a44b16837e4f564c56a365"
created: 1584277644
request_type: "si:s"
code_verifier: "6f2a86723f55447ebeb1cca50af6f76b52859054f7cb4cd3afcfe5254e9a792f963c17a46e154343967f62b14e7f9722"
redirect_uri: "http://localhost:4200/assets/silent-callback.html"
authority: "https://localhost:44379/"
client_id: "spa-client"
response_mode: "query"
scope: "openid profile api"
extraTokenParams: {}
Example of the token in session storage:
id_token: "eyJhbGciOiJSUzI1NiIsImtpZCI6Ii1KSllJdGhidEQ1bmdURG1Td2JjVmciLCJ0eXAiOiJKV1QifQ.eyJuYmYiOjE1ODQyNzcxMDMsImV4cCI6MTU4NDI3NzQwMywiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNzkiLCJhdWQiOiJzcGEtY2xpZW50IiwiaWF0IjoxNTg0Mjc3MTAzLCJhdF9oYXNoIjoiZk0wYUF3YUpRb0ZreVYzb2xYNlNWUSIsInNfaGFzaCI6IjhadVlJdk9Cck40OXRjeWFPaFk3cHciLCJzaWQiOiJHbHVVTDdGZzVZbmlfNlRxcnRBeGFRIiwic3ViIjoiY2MwMTI2OTQtNGU5Yi00ZjcxLWE0OWItNDFhZWY2OWVjOGNiIiwiYXV0aF90aW1lIjoxNTg0MjY5MjI4LCJpZHAiOiJsb2NhbCIsImFtciI6WyJwd2QiXX0.kcBKMhuQsCrRWg8VH8yCZ4_5oMXTNDQwKM4Fg-e4QPkh0IlVmpdgneAazawXe3ojuSqcZm14O7L6WzSA1TBYOlWI6X0Osl-SxIN96ay5MmYs6qyRURbYNcCtlvRUFMY-6u9nTMrS7h-W2kr1PCF-lolpr8jViXKo1-tIB3vxUCXsgNiZcdcgpxiNIjaMd6t0jgdpGEm51NVDewYp5VzqrfhBRAY8FPhy7Wc2Zl-mMjxZ2YC3z-gf3TVJl5MK8iwx3lLY1lUlFalLgZJCtHEA3R8tPrfYx7f64wfLOQ1fkx6SdcqT30PCBrusQPkqquq-sy2P7qY6sSlVGZtN2O5VPw"
session_state: "MfoLa3dMUAKh79AMx8S0xlHemzY0ieRdYk2WTVO0QVQ.UnAX5icbh4njcczlwtbGYw"
access_token: "eyJhbGciOiJSUzI1NiIsImtpZCI6Ii1KSllJdGhidEQ1bmdURG1Td2JjVmciLCJ0eXAiOiJhdCtqd3QifQ.eyJuYmYiOjE1ODQyNzcxMDMsImV4cCI6MTU4NDI3NzcwMywiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNzkiLCJhdWQiOiJhcGkiLCJjbGllbnRfaWQiOiJzcGEtY2xpZW50Iiwic3ViIjoiY2MwMTI2OTQtNGU5Yi00ZjcxLWE0OWItNDFhZWY2OWVjOGNiIiwiYXV0aF90aW1lIjoxNTg0MjY5MjI4LCJpZHAiOiJsb2NhbCIsInNjb3BlIjpbIm9wZW5pZCIsInByb2ZpbGUiLCJhcGkiXSwiYW1yIjpbInB3ZCJdfQ.UAyMaVpsimUCRKS1ahqDnbywl0h3WrfuHNu83spdl9q6kb-IwecHyHnSqjHVElcDQzxZBrW1XPQycsx0BMcDA1OMN9vsmagpescW2BxZuojy2sD0FHeVoTrL2tQVzvXEsfPzW7v7woUw1x13UPxoukIMfn_yBQGITRzsEWPfdp5IaWoLOi9zTNsqPXmr5xZU4CAF-yIOWmQKrOVsKjWig5AZR1cA4wPVYVmnCNHKPmEPXa00AflE4TR1MvbvKktBEmAPi-EDlEIFCIjHJotuyo5vHG-71FiGpYvfzl_N2YAzYPSu2QMqnylXCeS-BHPHBWePDJpzj7OSMF5X5WcIfg"
token_type: "Bearer"
scope: "openid profile api"
profile: {s_hash: "8ZuYIvOBrN49tcyaOhY7pw", sid: "GluUL7Fg5Yni_6TqrtAxaQ",…}
expires_at: 1584277703
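
An added example, not part of the original post: one way to test the clock hypothesis from the question is to decode the stored id_token's nbf/exp claims and compare them, together with the state entry's created timestamp, against the machine clock. It runs under Node.js; the function names, the 300-second skew tolerance, the 900-second state age limit and all sample values are assumptions constructed for illustration.

```javascript
// Added diagnostic example; all sample values below are constructed.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Decode a JWT payload WITHOUT verifying the signature (inspection only).
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare token lifetimes with the local clock (all values in seconds).
// skewSec is an assumed tolerance for clock drift.
function checkUser(user, nowSec, skewSec = 300) {
  const claims = decodeJwtPayload(user.id_token);
  return {
    clockBehind: nowSec + skewSec < claims.nbf,        // machine clock too slow
    idTokenExpired: nowSec - skewSec > claims.exp,
    accessTokenExpired: user.expires_at - nowSec <= 0, // same idea as user.expired
  };
}

// Classify a stored sign-in state entry; maxAgeSec is an assumed cleanup limit.
function checkState(state, nowSec, maxAgeSec = 900) {
  const ageSec = nowSec - state.created;
  return { silent: state.request_type === 'si:s', ageSec, stale: ageSec > maxAgeSec };
}

// Constructed sample data shaped like the entries shown in the question.
const sampleUser = {
  id_token: [b64url({ alg: 'none' }), b64url({ nbf: 1000, exp: 1300, iat: 1000 }), 'sig'].join('.'),
  expires_at: 1600,
};
const sampleState = { id: 'constructed-state-id', created: 1540, request_type: 'si:s' };

console.log(checkUser(sampleUser, 1550), checkState(sampleState, 1550));
```

In the browser, pass the parsed storage entries and `Math.floor(Date.now() / 1000)` as `nowSec`, with `atob` in place of `Buffer`.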